risk assessment - chapters site - home · 2012-11-29 · •financial reporting (complexity and...
TRANSCRIPT
![Page 1: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/1.jpg)
Risk Assessment
IIA Dallas Chapter
December 1, 2011 Meeting
Katherine Findlay, CPA
![Page 2: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/2.jpg)
Developing a Risk Based Audit Plan
• Introduction to SWA Internal Audit
• Examples of inputs to the risk assessment process
• Frequency in which assessments are performed
• Who does what? Team Members’ roles in evaluating risk
• End Result----Audit Plan • Questions
Southwest Airlines Confidential
![Page 3: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/3.jpg)
Letsa Go!
Southwest Airlines Confidential
![Page 4: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/4.jpg)
Southwest Airlines Confidential
![Page 5: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/5.jpg)
• Objective, Qualified, Competent Employees
• Timely & Relevant Audits
• Truth Telling Partners
• Practical Solutions
• Advocates for Southwest Airlines’ Shareholders
Southwest Airlines Confidential
Operating Principles
![Page 6: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/6.jpg)
Today’s Agenda
• Introduction to SWA Internal Audit
• Examples of inputs to the risk assessment process
• Frequency in which assessments are performed
• Who does what? Team Member’s roles in evaluating risk
• End Result----Audit Plan • Questions
Southwest Airlines Confidential
![Page 7: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/7.jpg)
Goal: Propose a risk-based Audit Plan to the Audit Committee and Senior Leadership
Approach: Utilizing the Company’s Strategic Plan and List of Primary Business Processes (Process Universe), identify risks by performing the following:
Ensure business strategic goals and critical processes are identified
Conduct interviews to gain additional insights
Rank and prioritize based upon the importance to Business/Financial performance
Document results in the Risk Model
Build Plan by “themes” or process
Southwest Airlines Confidential
Risk Assessment Approach
![Page 8: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/8.jpg)
IIA Imperatives to Change-2011
“…review and assess the organization’s top risks and key performance indicators (KPIs) associated with the organization’s core business strategy (or strategies); and incorporate appropriate coverage of this strategy (or these strategies) into the internal audit plan.”
Southwest Airlines Confidential
![Page 9: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/9.jpg)
Understand Strategic Goals
• Stay current on Company information • Understand CEO’s “Battle Cry” • Gain an understanding of the Company’s strategic
plans • What are the performance indicators that the
CEO reviews? Trace the Money - Annual Operating Plans, Budgets, and Budget revisions
• Obtain Goals of Key Department Leaders • Review Company and competitors’ risks as
outlined in SEC Filings (10K, 10Q, etc.)
Southwest Airlines Confidential
![Page 10: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/10.jpg)
ANNUALLY Southwest Airlines Confidential
![Page 11: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/11.jpg)
MONTHLY
Southwest Airlines Confidential
![Page 12: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/12.jpg)
WEEKLY Southwest Airlines Confidential
![Page 13: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/13.jpg)
Key Points from Interviews
Customer needs to understand Internal Audit wants to focus on areas which will provide THEM value and/or required assurance
for the Company. You need candid participation.
• What are the areas of your business that are critical to your objectives?
• Are there areas in your span of control which have experienced high levels of change, and/or change in management?
• If you had more time/people, on what areas of your business would you focus?
• What reports does your organization provide on an ongoing basis that help you monitor risks?
Southwest Airlines Confidential
![Page 14: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/14.jpg)
Today’s Agenda
• Introduction to SWA Internal Audit • Examples of inputs to the risk assessment process • Frequency in which assessments are performed • Who does what? Team Members’ roles in
evaluating risk • End Result----Audit Plan • Questions
Southwest Airlines Confidential
![Page 15: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/15.jpg)
Who and How frequently?
Southwest Airlines Confidential
![Page 16: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/16.jpg)
How frequently do we assess risk?
It’s a Continual Cycle……
and…..
……..it is EVERYONE’s J-O-B
Southwest Airlines Confidential
![Page 17: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/17.jpg)
AHHRRRRR!
Southwest Airlines Confidential
![Page 18: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/18.jpg)
Benefits of Continual Process
• Keeps communication flow constant with the Business….COMMUNICATE, COMMUNICATE, COMMUNICATE
• Builds trusting relationships
• Keeps Employees engaged in the business of “knowing”
• Keeps your presence known
Southwest Airlines Confidential
![Page 19: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/19.jpg)
Continual Cycle…Why?
Business is Complex and Change is Inevitable
• The problems solved today change risk profile of business tomorrow
• Priorities shift (economic reasons, competitive reasons, energy prices, and acquisitions….)
We have limited resources & have to make choices
• We cannot invest in everything
• Our decisions must be made in the context of the “bigger picture”, not in isolation
• Timely & Relevant Audits
Southwest Airlines Confidential
![Page 20: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/20.jpg)
INSERT GARY AND BRIDES PIC!
SWA Confidentail
![Page 21: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/21.jpg)
Who Participates?
• Assign ownership to “Risk Assessment Team” and ensure Department knows how to communicate/document knowledge
• It is everyone’s job to “own” key relationships at appropriate levels and to understand challenges and concerns
Southwest Airlines Confidential
![Page 22: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/22.jpg)
Today’s Agenda
• Introduction to SWA Internal Audit • Potential inputs to the risk assessment process • Frequency in which assessments are
performed • Who does what? Team Member’s roles in
evaluating risk • End Result----Audit Plan • Questions
Southwest Airlines Confidential
![Page 23: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/23.jpg)
Building the Plan
All processes are scored and risk rankings are calculated based on:
• Fraud
• Financial Reporting (complexity and materiality)
• Regulatory / Legal
• Operational
• People
• Customer Experience
• Dependence on IT
Scores are calculated and categorized as High, Medium and Low Risks
Higher residual risk scores result in stronger consideration for audit engagements
Southwest Airlines Confidential
![Page 24: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/24.jpg)
Making Internal Audit Relevant
• Understand Company’s Strategic Goals
• Select a handful of “key” Leaders and visit regularly with them
• Stay competent and understand the “why’s” behind what you are doing
• Establish a strong risk assessment driven at providing timely, risk-based engagements
Southwest Airlines Confidential
![Page 25: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/25.jpg)
Audit Methodology
Established documented audit approach which provides:
• Formal guidance
• Sets performance expectations
• Drives consistency in work
Our Methodology provides a means for continual updates—it is a “living” process and extremely “planning-centric.”
Southwest Airlines Confidential
![Page 26: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/26.jpg)
…And Many More…
Southwest Airlines Confidential
![Page 27: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/27.jpg)
OWN IT! Southwest Airlines Confidential
![Page 28: Risk Assessment - Chapters Site - Home · 2012-11-29 · •Financial Reporting (complexity and materiality) •Regulatory / Legal •Operational •People •Customer Experience](https://reader033.vdocument.in/reader033/viewer/2022042010/5e71c05253585772955e8362/html5/thumbnails/28.jpg)
The End!
Southwest Airlines Confidential